package com.fr.privilege.filter.core;

import com.fr.base.FRContext;
import com.fr.base.Inter;
import com.fr.base.StringUtils;
import com.fr.privilege.authentication.Authentication;
import com.fr.privilege.authentication.AuthenticationFactory;
import com.fr.privilege.authority.Control;
import com.fr.privilege.manager.PrivilegeManager;
import com.fr.web.core.WebUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class TemplateAccessDealWith
{
  public static void dealWithRequest(String paramString, HttpServletRequest paramHttpServletRequest, HttpServletResponse paramHttpServletResponse)
    throws Exception
  {
    Authentication localAuthentication = AuthenticationFactory.extractAuthentication(paramHttpServletRequest);
    if (paramString != null)
      accessReportlet(paramString, localAuthentication, paramHttpServletRequest);
  }

  private static void accessReportlet(String paramString, Authentication paramAuthentication, HttpServletRequest paramHttpServletRequest)
    throws Exception
  {
    if ((paramString.indexOf(".") != -1) && (!(paramString.endsWith(".cpt"))))
      return;
    paramString = StringUtils.perfectStart(paramString, "/");
    int i = createCheckType(paramHttpServletRequest);
    if (!(hasLegalAccess(paramString, i, paramAuthentication)))
      throw new Exception(Inter.getLocText("Privilege-Your_Authentication_Can_Not_Access_The_Reportlet") + ":" + paramString + ".");
  }

  private static int createCheckType(HttpServletRequest paramHttpServletRequest)
  {
    String str = null;
    try
    {
      str = WebUtils.getHTTPRequestParameter(paramHttpServletRequest, "op");
    }
    catch (Exception localException)
    {
    }
    if (str == null)
      return 0;
    if ("write".equalsIgnoreCase(str))
      return 2;
    if ("form".equalsIgnoreCase(str))
      return 1;
    return 0;
  }

  public static boolean hasLegalAccess(String paramString, int paramInt, Authentication paramAuthentication)
  {
    return FRContext.getPrivilegeManager().getControl().access(paramAuthentication, paramString, paramInt);
  }
}